(54) Title: COPY SECURITY FOR PORTABLE MUSIC PLAYERS
(57) Abstract 



Data such as a musical track is stored as a secure portable track (SPT) which can be bound
to one or more players and can be bound to a particular storage medium, restricting playback
of the SPT to the specific players and ensuring that playback is only from the original
storage medium. The SPT is bound to a player by encrypting data of the SPT using a storage
key which is unique to the player, is difficult to change, and is held in strict secrecy by
the player. The SPT is bound to a particular storage medium by including data uniquely
identifying the storage medium in a tamper-resistant form, e.g., cryptographically signed.
The SPT can also be bound to the storage medium by embedding cryptographic logic circuitry,
e.g., integrated circuitry, in the packaging of the storage medium. The SPT is bound by
encrypting an encryption key using the embedded logic. By using unique cryptographic logic,
only that particular storage medium can decrypt the encryption key and, therefore, the data
of the SPT encrypted with the encryption key. To allow a user to play back the SPT on a
number of players, players can share storage keys with one another. Such key sharing is
done in a cryptographically secure manner. Before downloading an SPT to a particular
external player, the ability of the external player to enforce restrictions placed upon the
SPT is verified.
Copy Security for Portable Music Players

SPECIFICATION



FIELD OF THE INVENTION
The present invention relates to systems for distributing and playing digitized 
audiovisual signals and, in particular, to a mechanism for distributing and playing such 
digitized audiovisual signals such that unauthorized copying of such signals is discouraged 
to thereby protect intellectual property rights of artists. 



BACKGROUND OF THE INVENTION
Recent advances in compression of digitized audio signals and in storage capacity have
recently led to the development of music players which play CD-quality music stored in
solid-state memory. For example, a number of MP3 players are available into which a user can
download compressed, CD-quality digitized audio signals into solid-state memory for subsequent
playback. MP3 generally refers to the MP3 format which is the MPEG standard for audio coding
(MPEG-1, Layer 3 Audio, ISO/IEC Standard 11172-3). The MP3 format provides excellent sound
quality at a data rate of 128 kbit/s (44 kHz, 16-bit samples, stereo).

While MP3 players provide very good sound quality and great convenience for the user, MP3
players provide essentially no protection whatsoever against unauthorized copying of
copyrighted works. Currently, a number of computer systems provide free access to copyrighted
musical works through the Internet. A user who is in possession of a digitized, copyrighted
music signal in the MP3 format can, albeit most likely in violation of copyright laws,
distribute unlimited identical digital copies of the music signal to friends with no
compensation whatsoever to the copyright holder. Each such copy suffers no loss of quality
from the original digitized music signal.

A few attempts have been made to thwart the unauthorized proliferation of perfect digital
copies of digitized audiovisual signals. One such technique is used in minidisc and digital
audio tape (DAT) devices. To allow transfer of previously purchased digitized audio signals,
one digital copy is permitted, but the making of further digital copies is prevented.
Typically, a single bit in the stored signal indicates whether the stored signal is a digital
copy. If that bit indicates a digital copy when the signal is written to the storage medium,
e.g., a minidisc or a DAT tape, the device refuses to record a further digital copy of the
content and permits only an analog copy, i.e., content recorded through an analog port of the
player.

This form of copy protection is insufficiently effective. For example, an owner of an audio
CD can distribute at least one unauthorized copy to other persons. In addition, unlimited
digital copies of a CD can be made onto minidiscs or DATs although each of those digital
copies cannot be digitally copied. This form of copy protection can also be excessively
restrictive, preventing an owner of a prerecorded audio medium from making copies for each of
a number of players of the prerecorded audio owner, namely, players in the home, office, car,
and for portable use.

As alluded to briefly above, the single-copy mechanism fails to prevent any copying of
digital read-only media such as CDs. The content of such media is typically uncompressed and
un-obscured such that unauthorized copying is unimpeded.

What is needed is a mechanism by which copyrightable content of digital storage media is
protected against unauthorized copying while affording the owner of such storage reasonable,
unimpeded convenience of use and enjoyment of the content.



SUMMARY OF THE INVENTION

In accordance with the present invention, data such as a musical track is stored as a secure
portable track (SPT) which can be bound to one or more specific external players and can be
bound to the particular storage medium in which the SPT is stored. Such restricts playback of
the SPT to the specific external players and ensures that playback is only from the original
storage medium. Such inhibits unauthorized copying of the SPT.

The SPT is bound to an external player by encrypting data representing the substantive
content of the SPT using a storage key which is unique to the external player, is difficult
to change (i.e., is read-only), and is held in strict secrecy by the external player.
Specifically, the data is encrypted using a master media key and the master media key is
encrypted using the storage key. Since only the external player knows the storage key, the
master media key is passed to the external player using a secure communication session and
the external player encrypts the master media key using the storage key and returns the
encrypted master media key. Accordingly, only the specific external player can decrypt the
master media key and, therefore, the data representing the substantive content of the SPT.

The SPT is bound to a particular piece of storage medium by including data uniquely
identifying the storage medium in a tamper-resistant form, e.g., cryptographically signed.
The medium identification data is difficult to change, i.e., read-only. Prior to playback of
the SPT, the external player confirms that the media identification data has not been
tampered with and properly identifies the storage medium.

The SPT can also be bound to the storage medium by embedding logic circuitry, e.g.,
integrated circuitry, in the packaging of the storage medium for performing cryptographic
processing. The SPT is bound by encrypting the master media key, which is used to encrypt the
data representing the substantive content of the SPT, using the embedded logic. By using
unique cryptographic logic in the packaging of the storage medium, only that particular
storage medium can decrypt the master media key and, therefore, the substantive content of
the SPT.

To allow a user to play back the SPT on a number of players, e.g., one in the home, one in
the office, one in the car, etc., external players can share storage keys with one another.
However, such key sharing must be done in a cryptographically secure manner to prevent
crackers from attempting to collect storage keys from external players.

The two external players communicate with one another in a cryptographically secure session.
One, the initiator, sends a request message which includes a certificate of the initiator and
a first random number. The other, i.e., the responder, authenticates the initiator using the
certificate and responds with a reply message. The reply message includes the certificate of
the responder, the first random number, a second random number, and one or more storage keys
of the responder encrypted with a public key of the initiator. The initiator authenticates
the responder using the certificate and responds with an exchange message. The exchange
message includes the first and second random numbers and one or more storage keys of the
initiator encrypted with a public key of the responder. Thus, each has copies of the other's
storage keys and can play SPTs bound to the other external player.

Before downloading an SPT to a particular external player, the ability of the external
player to enforce restrictions placed upon the SPT is verified. During registration, the
external player identifies those types of restrictions which can be enforced by the external
player. Such types include a maximum number of times an SPT can be played, an expiration time
beyond which the SPT can no longer be played, and a number of copies of the SPT which can be
made. For each type of restriction imposed upon a particular SPT, the external player is
verified to be able to enforce that particular type of restriction. If the external player is
unable to enforce any restriction placed upon the SPT, downloading and/or binding of the SPT
to the external player is refused. Otherwise, downloading and/or binding is permitted.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a block diagram of a computer system which includes a player, secure portable
tracks, and an interface for an external player in accordance with the present invention.

Figure 2 is a block diagram of the interface and external player of Figure 1 showing
a storage medium for the secure portable track in greater detail.

Figure 3 is a block diagram of the format of a secure portable track in greater detail.

Figure 4 is a block diagram illustrating bindings in the header of the secure
portable track of Figure 3 in accordance with the present invention.

Figure 5 is a block diagram of two external players in accordance with the present 
invention in greater detail. 

Figure 6 is a logic flow diagram of the encoding of content to bind the content to 
an external player and medium in accordance with the present invention. 

Figure 7 is a logic flow diagram of the decoding of content to enforce a binding of
the content to an external player and medium in accordance with the present invention.

Figure 8 is a logic flow diagram of the exchange of keys between the two external 
players shown in Figure 5 in accordance with the present invention. 

Figure 9 is a block diagram illustrating restrictions in the header of the secure 
portable track of Figure 3 in accordance with the present invention. 
Figure 10 is a logic flow diagram illustrating the assurance of an external player's
ability to enforce restrictions in accordance with the present invention.

Figure 11 is a block diagram of the interface and external player of Figure 1
showing a storage medium for the secure portable track in greater detail.

Figure 12 is a logic flow diagram of the encoding of content to bind the content to 
a storage medium in accordance with the present invention. 

Figure 13 is a logic flow diagram of the decoding of content to enforce a binding of
the content to a storage medium in accordance with the present invention.



DETAILED DESCRIPTION

In accordance with the present invention, data such as a musical track is stored as a
secure portable track (SPT) which can be bound to one or more specific external players
and can be bound to the particular storage medium in which the SPT is stored. Such
restricts playback of the SPT to the specific external players and ensures that playback is
only from the original storage medium. Such inhibits unauthorized copying of the SPT.

A brief overview of the operating environment of the secure portable music playing system
according to the present invention facilitates appreciation and understanding of the present
invention. Computer system 100 (Figure 1) has a typical architecture. Computer system 100
includes a processor 102 and memory 104 which is coupled to processor 102 through an
interconnect 106. Interconnect 106 can be generally any interconnect mechanism for computer
system components and can be, e.g., a bus, a crossbar, a mesh, a torus, or a hypercube.
Processor 102 fetches from memory 104 computer instructions and executes the fetched computer
instructions. Processor 102 also reads data from and writes data to memory 104 and sends data
and control signals through interconnect 106 to one or more computer display devices 120 and
receives data and control signals through interconnect 106 from one or more computer user
input devices 130 in accordance with fetched and executed computer instructions.

Memory 104 can include any type of computer memory and can include, without limitation,
randomly accessible memory (RAM), read-only memory (ROM), and fixed and removable storage
devices which include storage media such as magnetic and/or optical disks. Memory 104
includes a music player 110 which includes a secure portable track (SPT) interface 114 and
which is all or part of one or more computer processes executing within processor 102 from
memory 104. A computer process is a collection of computer instructions and data which
collectively define a task performed by a computer system such as computer system 100. Thus,
when a computer process, such as player 110, takes a particular action, in reality processor
102 executes computer instructions of the computer process and the execution of those
computer instructions causes the particular action to be taken.

Each of computer display devices 120 can be any type of computer display device including,
for example, a light-emitting diode (LED) display or a liquid crystal display (LCD). Each of
computer display devices 120 receives from processor 102 control signals and data and, in
response to such control signals, displays the received data. Computer display devices 120,
and the control thereof by processor 102, are conventional.

Each of user input devices 130 can be any type of user input device including, without
limitation, a keyboard, a numeric keypad, or a pointing device such as an electronic mouse,
trackball, light pen, touch-sensitive pad, digitizing tablet, thumb wheels, or joystick. Each
of user input devices 130 generates signals in response to physical manipulation by the
listener and transmits those signals through interconnect 106 to processor 102.

I/O port 140 receives control signals from processor 102 through interconnect 106 and, in
response to the control signals, receives data from and sends data to processor 102. In
addition, I/O port 140 sends data to and receives data from a device which can be coupled to
I/O port 140. In this embodiment, a secure portable music player 150 is coupled to I/O port
140. I/O port 140 can be, for example, a serial port or a parallel port. Secure portable
music player 150 is sometimes referred to herein as portable player 150.

Network access circuitry 160 couples computer system 100 to a computer network 170 which can
be, for example, an intranet or the Internet. Network access circuitry 160 implements data
transfer protocols between interconnect 106 and computer network 170 and can be, for example,
a modem or ethernet circuitry.

Briefly, player 110 receives musical tracks 112 and associated data through computer network
170 in a manner described more completely in U.S. Patent Application S/N 09/020,025 filed
February 6, 1998 entitled "Secure Online Music Distribution System" by Philip R. Wiser,
Andrew R. Cherenson, Steven T. Ansell, and Susan A. Canon which is incorporated herein in its
entirety by reference. Accordingly, tracks 112 are stored in an encrypted format in which
only player 110 can decrypt tracks 112 for playback of the substantive content of tracks 112.
SPT interface 114 creates secure portable tracks (SPTs) 116 from tracks 112 and downloads
SPTs 116 to portable player 150. While the substantive content of tracks 112 and SPTs 116 is
described in this illustrative embodiment as music, it is appreciated that many of the
techniques and mechanisms described herein are equally applicable to other forms of data for
which unauthorized copying is to be thwarted. Examples of such content include still
graphical images, motion video, and computer software.

In accordance with the present invention, SPTs 116 are bound both to storage medium 202
(Figure 2) in which SPTs 116 are stored within portable player 150 and to one or more
specific external players, e.g., portable player 150. For example, storage medium 202 is a
removable digital storage medium such as a recordable compact disc (CD-R), a minidisc, a
digital video disc (DVD), digital audio tape (DAT), flash memory card, or similar removable
digital storage medium. In addition, portable player 150 can include sufficient storage to
store a number of SPTs 116 which can be directly downloaded into portable player 150,
obviating removable digital storage media such as storage medium 202. However, it is
desirable to permit playback of content of SPTs 116 in less-portable external players such as
high-quality component players of home stereo systems and dash-mounted players installed in
cars and other vehicles. Accordingly, removable storage media such as storage medium 202 is
preferred to storage directly within portable player 150. External players are playback
devices which can operate while detached from computer system 100 (Figure 1).

Binding SPTs 116 to storage medium 202 (Figure 2) renders SPTs 116 unplayable when copied to
a different storage medium. Similarly, binding SPTs 116 to a number of external players,
including portable player 150, makes SPTs 116 unplayable in external players other than the
external players to which SPTs 116 are bound. Accordingly, copying of SPTs 116 is inhibited.

Understanding the manner in which SPTs 116 are bound to storage medium 202 and portable
player 150 is facilitated by a brief description of the format of SPTs 116. An SPT 116
(Figure 3) includes a header 302, a number of images 304A-C, a number of descriptors, and a
table of contents 306. All images of SPT 116 collectively represent the substantive content
of SPT 116, e.g., digitally encoded music.

Header 302 includes one or more bindings 400 (Figure 4), each of which binds the content of
SPT 116 (Figure 2) to both (i) storage medium 202 and (ii) a particular external player,
e.g., portable player 150. Each of bindings 400 includes (i) a media identification field
402, (ii) a media type and information field 404, (iii) a storage key identification field
406, (iv) an encrypted media master key field 408, and (v) a binding MAC field 410.

Media identification field 402 stores data representing read-only serial number 204 of
storage medium 202. Alteration of the particular value of serial number 204 is difficult. For
example, serial number 204 can be stored in a portion of storage medium 202 which cannot be
overwritten or can be implemented in semiconductor circuitry included in storage medium 202.
It is appreciated that serial number 204 can never be completely protected from alteration by
particularly tenacious and persistent crackers. However, serial number 204 should not be
alterable by straightforward data writing access to storage medium 202.

Media type and information field 404 (Figure 4) stores data representing the type of storage
medium 202 (Figure 2). Such permits comparison of the indicated type with the actual type of
storage medium 202. For example, if media type and information field 404 (Figure 4)
indicates that storage medium 202 (Figure 2) is a DVD and portable player 150 determines that
storage medium 202 is a flash memory card, portable player 150 can readily reject storage
medium 202 as an invalid copy.

Storage key identification field 406 stores data identifying the storage key, i.e., the key
with which the master media key is encrypted. The master media key is the key with which the
substantive content of SPT 116 is encrypted. To bind SPT 116 to a particular external
player, e.g., portable player 150, the storage key is a key which is maintained in secrecy
and is allocated to the specific external player. An example of such a storage key is
read-only key 504A (Figure 5) of portable player 150. Read-only key 504A is analogous to
serial number 204 (Figure 2) of storage medium 202 in that read-only key 504A is difficult to
change, typically requiring physical deconstruction of portable player 150. For example,
read-only key 504A can be embedded in the internal semiconductor circuitry of portable player
150. In one embodiment, read-only key 504A includes three (3) separate keys: one which is
never shared with other external players, one which can be shared with other external
players, and one which is common to all external players. By selecting a specific one of
these keys as the storage key, player 110 and SPT interface 114 can select a desired level of
security of the substantive content of SPT 116.

Storage key identification field 406 (Figure 4) stores a digest of the storage key to
identify the storage key without recording the storage key itself within SPT 116.

Encrypted media master key field 408 (Figure 4) stores data representing an encrypted
representation of the key by which the content of SPT 116 (Figure 3), e.g., images 304A-C,
is encrypted. The media master key is encrypted to prevent unauthorized decryption of the
content of SPT 116.

Binding MAC field 410 (Figure 4) stores data representing a message authentication code
(MAC) of fields 402-408 and therefore provides protection against tampering with the
contents of fields 402-408 by a cracker attempting to gain unauthorized access to the content
of SPT 116. MACs are conventional and known and are not described further herein.

Logic flow diagram 600 (Figure 6) illustrates the preparation of SPT 116 (Figure 1) from one
or more of tracks 112 by player 110 through SPT interface 114 for playback by portable player
150. In step 602 (Figure 6), player 110 (Figure 1) encrypts the content of one or more of
tracks 112 using, for example, symmetric key encryption. Symmetric key encryption of the
content is used in this illustrative embodiment to facilitate decryption by portable player
150 with sufficient efficiency to permit uninterrupted playback of CD-quality music while
simultaneously leaving sufficient processing resources within portable player 150 for
decompression of compressed audio data and permitting use of relatively
type of storage medium 202 (Figure 2) in media type and information field 404 (Figure 4),
(iii) storing the digest formed in step 606 (Figure 6) in storage key identification field
406 (Figure 4), (iv) storing the encrypted media master key formed in step 604 (Figure 6) in
encrypted media master key field 408 (Figure 4), and (v) forming and storing in binding MAC
field 410 (Figure 4) a MAC of fields 402-408.

Player 110 (Figure 1) can bind SPT 116 to multiple external players by forming a separate
binding 400 for each such external player. For each such binding, player 110 repeats steps
604-606 and step 608 except that the encrypted content is included in SPT 116 only once.
Thus, there is only one media master key by which the content is encrypted but each of
bindings 400 stores a different encryption of the media master key.

The security afforded by such binding is more fully appreciated in the context of decoding
for playback by portable player 150 as illustrated by logic flow diagram 700 (Figure 7). In
the context of logic flow diagram 700, storage medium 202 (Figure 5) is installed in portable
player 150 such that SPTs 116 are accessible to portable player 150. Portable player 150
includes player logic 502A which includes circuitry and/or computer software to implement the
functions performed by portable player 150. To play back a selected one of SPTs 116, player
logic 502A reads SPT 116 and parses header 302 (Figure 3) therefrom and parses bindings 400
(Figure 4) from header 302.

In test step 702 (Figure 7), player logic 502A (Figure 5) retrieves read-only serial number
204 from storage medium 202 and media identification data from media identification field 402
(Figure 4) and compares read-only serial number 204 to the media identification data. If
read-only serial number 204 and the media identification data are not equivalent, player logic
502A (Figure 5) aborts playback of SPT 116. Accordingly, simple copying of SPT 116 from
storage medium 202 to another storage medium renders SPT 116 unplayable. If read-only serial
number 204 and the media identification data are equivalent, processing transfers to step 704.

In step 704 (Figure 7), player logic 502A (Figure 5) selects either read-only key 504A or a
selected one of keys 506A1-4 according to the digest stored in storage key identification
field 406 (Figure 4). As described more completely below, portable player 150 can share keys
with other external players. Keys 506A1-4 store read-only keys shared by other external
players. The sharing of keys permits a single user to play content on a number of external
players, e.g., a home player, a portable player, a player in a car, and a player at the office.
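The binding of Figure 4 and the encode/decode flows of Figures 6 and 7, as an added example in Go. This is illustration code, not part of the patent: the Go type names, the use of AES-256-GCM for the page's unspecified "symmetric key encryption", SHA-256 as the digest in field 406, and keying the binding MAC from the master media key (the page does not say which key keys the MAC) are all assumptions. One further simplification: the page has the external player perform step 604 itself so that its storage key never leaves it, whereas here Encode is handed the storage keys directly so that the whole flow runs in one process. Encode binds a single ciphertext to any number of storage keys, one binding per player; Decode performs the serial number and media type comparison of step 702, the key selection of step 704, then checks the MAC of field 410 before releasing the content. The test values (a four-byte serial number, the media type "flash") are constructed stand-ins for read-only serial number 204 and field 404.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Binding mirrors binding 400, fields 402-410.
type Binding struct {
	MediaID      []byte // 402: copy of read-only serial number 204 of the medium
	MediaType    string // 404: media type and information
	KeyDigest    []byte // 406: SHA-256 of the storage key (hash choice assumed)
	EncMasterKey []byte // 408: master media key sealed under the storage key
	MAC          []byte // 410: HMAC-SHA256 over fields 402-408
}

// SPT holds the bindings and the content (images 304A-C), encrypted exactly once.
type SPT struct {
	Bindings []Binding
	Content  []byte
}

func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// AES-256-GCM stands in for the page's "symmetric key encryption"; every key here is 32 bytes.
func aead(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	return g
}

func seal(key, pt []byte) []byte {
	nonce := randBytes(12) // standard GCM nonce size, prepended to the ciphertext
	return aead(key).Seal(nonce, nonce, pt, nil)
}

func unseal(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("truncated ciphertext")
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}

// bindingMAC is keyed from the master media key (the page does not name the MAC key), so only
// a player that can recover the master key can verify or forge it; fields are length-prefixed.
func bindingMAC(master []byte, b Binding) []byte {
	mk := sha256.Sum256(append([]byte("binding-mac\x00"), master...))
	h := hmac.New(sha256.New, mk[:])
	for _, f := range [][]byte{b.MediaID, []byte(b.MediaType), b.KeyDigest, b.EncMasterKey} {
		h.Write([]byte{byte(len(f) >> 24), byte(len(f) >> 16), byte(len(f) >> 8), byte(len(f))})
		h.Write(f)
	}
	return h.Sum(nil)
}

// Encode follows logic flow diagram 600: one master key, one ciphertext, one binding per
// storage key, each bound to the medium whose read-only serial number 204 is serial.
func Encode(content, serial []byte, mediaType string, storageKeys [][]byte) *SPT {
	master := randBytes(32)
	spt := &SPT{Content: seal(master, content)} // step 602
	for _, sk := range storageKeys {
		d := sha256.Sum256(sk) // step 606: digest identifies the key without revealing it
		b := Binding{MediaID: serial, MediaType: mediaType, KeyDigest: d[:],
			EncMasterKey: seal(sk, master)} // step 604
		b.MAC = bindingMAC(master, b) // step 608 (v)
		spt.Bindings = append(spt.Bindings, b)
	}
	return spt
}

// Decode follows logic flow diagram 700; keys are the player's read-only key 504A plus any
// shared keys 506A1-4, and serial/mediaType describe the medium actually installed.
func Decode(spt *SPT, keys [][]byte, serial []byte, mediaType string) ([]byte, error) {
	for _, b := range spt.Bindings {
		// step 702: a plain copy of the SPT to another medium fails here
		if !hmac.Equal(b.MediaID, serial) || b.MediaType != mediaType {
			return nil, errors.New("not the original storage medium")
		}
		var sk []byte // step 704: the key whose digest matches field 406, if we hold it
		for _, k := range keys {
			if kd := sha256.Sum256(k); hmac.Equal(kd[:], b.KeyDigest) {
				sk = k
			}
		}
		if sk == nil {
			continue // this binding belongs to some other external player
		}
		master, err := unseal(sk, b.EncMasterKey)
		if err != nil {
			return nil, err
		}
		if !hmac.Equal(b.MAC, bindingMAC(master, b)) {
			return nil, errors.New("binding MAC invalid: header was tampered with")
		}
		return unseal(master, spt.Content)
	}
	return nil, errors.New("no storage key of this player matches any binding")
}
```

The MAC earns its place in the one case the serial comparison alone cannot catch: an attacker who copies the SPT to a medium with a different serial number and rewrites field 402 to match it passes step 702, but cannot recompute field 410 without the master media key, so Decode still refuses.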
player 150B are analogous to one another as shown in Figure 5. Communication logic and
ports 512A-B include hardware and software to communicate with other devices such as I/O port
140 and/or other external players. In one embodiment, communication logic and ports (CLPs)
512A-B are coupled directly to one another through a connector 520 and communicate directly
with one another. Connector 520 can be, for example, a cable between communication logic and
ports 512A-B. Alternatively, connector 520 can be light signals between communication logic
and ports 512A-B which can include infrared LEDs and infrared light sensors. In an
alternative embodiment, communication logic and ports 512A-B communicate only with an I/O
port of a computer such as I/O port 140 of computer system 100. In the latter embodiment,
computer system 100 includes at least two I/O ports such as I/O port 140 and both external
players are coupled to computer system 100 such that SPT interface 114 acts as an
intermediary to act as connector 520 between the external players. In an alternative
variation of this latter embodiment, computer system 100 can have only a single I/O port 140
and SPT interface 114 can act as a surrogate, exchanging keys with a single external player
at a time and acting as a key repository. In this last embodiment, it is important that the
keys stored within SPT interface 114 be stored in an encrypted form to prevent passing of the
device keys to an unlimited number of external players. Such would be a serious compromise of
the copy protection provided, relying more completely on media binding for copy protection.

Logic flow diagram 800 (Figure 8) illustrates a key exchange conducted between portable
player 150 and external player 150B. In the embodiment in which SPT interface 114 (Figure 1)
acts as a surrogate external player and a key repository, SPT interface 114 performs a
separate key exchange with each of portable player 150 and external player 150B in the manner
described. The key exchange of logic flow diagram 800 (Figure 8) is initiated by either of
portable player 150 and external player 150B, perhaps in response . In this illustrative
embodiment, portable player 150 initiates the key exchange.

In step 802 (Figure 8), CLP 512A initiates the key exchange by sending a key exchange request
message which includes certificate 508A of portable player 150 and a first random number. The
first random number is included to add variety to session encryption keys in a known and
conventional manner to frustrate attempts of malicious and ill-tempered computer processes to
masquerade as either of players 150 and 150B having eavesdropped upon the dialogue between
players 150 and 150B in hopes of gaining
signs the exchange message using the private key of key pair 510A and adds the signature to
the exchange message.

In step 814 (Figure 8), CLP 512A sends the exchange message to CLP 512B which is received by
CLP 512B in step 862 (Figure 8). In step 864, CLP 512B (Figure 5) verifies the signature of
the exchange message using the public key of key pair 510A. The signatures of the reply and
exchange messages serve to further cross-authenticate portable player 150 and external player
150B.

To terminate the transaction, CLP 512B sends a terminate message in step 866 (Figure 8)
which, in step 816, is received by CLP 512A (Figure 5). Steps 868 (Figure 8) and 870 are
directly analogous to steps 818 and 820, respectively. Accordingly, the following description
of steps 818 and 820 is equally applicable to steps 868 and 870, respectively.

In step 818, CLP 512A (Figure 5) decrypts the encrypted keys using the private key of key
pair 510A. At this point, portable player 150 has all the keys of external player 150B. In
step 820 (Figure 8), portable player 150 stores the decrypted keys in previously unused ones
of keys 506A1-4, discarding decrypted keys already represented in keys 506A1-4 and discarding
keys when all of keys 506A1-4 are used. While only four keys 506A1-4 are shown for
simplicity, more keys can be included in portable player 150, e.g., 256 or 1,024 keys.

Thus, as shown in logic flow diagram 800 (Figure 8), portable player 150 and external player
150B exchange keys such that any SPT, e.g., SPT 116, bound to either of portable player 150
and external player 150B can be played by the other. Such only requires a one-time key
exchange when a new external player is acquired by a particular user.
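The three-message exchange of Figure 8, as an added example in Go that is not part of the patent. Certificates 508A-B are modelled here as an Ed25519 signing key plus an RSA-2048 key pair (standing in for key pairs 510A-B), both signed by one trusted issuer; RSA-OAEP seals the shareable storage key to the peer's public key, and each reply and exchange message is signed with the sender's private key over both random numbers and that message's sealed key. The algorithm choices, the 16-byte random numbers, the single shareable key per player, the four-slot limit on keys 506A1-4 and the omission of the terminate message of step 866 are all assumptions; the page only names the message contents. Reply is the responder's step-by-step answer, Exchange is the initiator's, and Finish is the responder's steps 862-870.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"slices"
)

// Cert models certificates 508A-B (shape assumed): an Ed25519 signing key and an RSA
// encryption key (key pair 510A/B), both vouched for by the issuer's signature.
type Cert struct {
	SignPub   ed25519.PublicKey
	EncPub    *rsa.PublicKey
	IssuerSig []byte
}

// body is what the issuer signs; rsa.GenerateKey always uses E = 65537, so N identifies the key.
func (c Cert) body() []byte { return append(append([]byte{}, c.SignPub...), c.EncPub.N.Bytes()...) }

func (c Cert) trusted(issuerPub ed25519.PublicKey) bool {
	return ed25519.Verify(issuerPub, c.body(), c.IssuerSig)
}

// Msg carries the request (Cert, N1), the reply (all fields) and the exchange message (N1,
// N2, EncKey, Sig) of logic flow diagram 800; the page's exchange message has no certificate.
type Msg struct {
	Cert                Cert
	N1, N2, EncKey, Sig []byte
}

// Player models an external player: its shareable read-only key plus slots 506A1-4.
type Player struct {
	Cert     Cert
	signPriv ed25519.PrivateKey
	encPriv  *rsa.PrivateKey
	ReadOnly []byte   // the shareable one of read-only keys 504
	Shared   [][]byte // keys 506A1-4 learned from other players
	n1, n2   []byte   // first and second random numbers of the current exchange
	peer     Cert
}

func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// NewPlayer generates the player's key material and has issuer certify it.
func NewPlayer(issuer ed25519.PrivateKey) *Player {
	sp, sk, _ := ed25519.GenerateKey(rand.Reader)
	ek, _ := rsa.GenerateKey(rand.Reader, 2048)
	c := Cert{SignPub: sp, EncPub: &ek.PublicKey}
	c.IssuerSig = ed25519.Sign(issuer, c.body())
	return &Player{Cert: c, signPriv: sk, encPriv: ek, ReadOnly: randBytes(32)}
}

// send seals this player's shareable key to the peer (RSA-OAEP, an assumed choice) and signs
// both random numbers and the sealed key with the private key of its own key pair.
func (p *Player) send(peer Cert) (Msg, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peer.EncPub, p.ReadOnly, nil)
	if err != nil {
		return Msg{}, err
	}
	sig := ed25519.Sign(p.signPriv, bytes.Join([][]byte{p.n1, p.n2, enc}, nil))
	return Msg{p.Cert, p.n1, p.n2, enc, sig}, nil
}

// accept authenticates the sender, checks random numbers and signature, then does steps
// 818-820: decrypt the key and store it in an unused slot, dropping duplicates and overflow.
func (p *Player) accept(issuerPub ed25519.PublicKey, m Msg) error {
	if !m.Cert.trusted(issuerPub) || !bytes.Equal(m.N1, p.n1) || (p.n2 != nil && !bytes.Equal(m.N2, p.n2)) ||
		!ed25519.Verify(m.Cert.SignPub, bytes.Join([][]byte{m.N1, m.N2, m.EncKey}, nil), m.Sig) {
		return errors.New("untrusted certificate, random number mismatch or bad signature")
	}
	p.peer, p.n2 = m.Cert, m.N2
	key, err := rsa.DecryptOAEP(sha256.New(), nil, p.encPriv, m.EncKey, nil)
	if err != nil {
		return err
	}
	if len(p.Shared) < 4 && !slices.ContainsFunc(p.Shared, func(k []byte) bool { return bytes.Equal(k, key) }) {
		p.Shared = append(p.Shared, key)
	}
	return nil
}

// Request is step 802: the initiator sends its certificate and a fresh first random number.
func (p *Player) Request() Msg { p.n1, p.n2 = randBytes(16), nil; return Msg{Cert: p.Cert, N1: p.n1} }

// Reply: the responder authenticates the initiator, echoes the first random number, adds a
// second one and returns its sealed storage key, all signed.
func (p *Player) Reply(issuerPub ed25519.PublicKey, req Msg) (Msg, error) {
	if !req.Cert.trusted(issuerPub) {
		return Msg{}, errors.New("initiator certificate not signed by the trusted issuer")
	}
	p.peer, p.n1, p.n2 = req.Cert, req.N1, randBytes(16)
	return p.send(req.Cert)
}

// Exchange: the initiator accepts the reply (its own first random number must come back, so
// an old reply cannot be replayed) and answers with its own sealed key.
func (p *Player) Exchange(issuerPub ed25519.PublicKey, reply Msg) (Msg, error) {
	if err := p.accept(issuerPub, reply); err != nil {
		return Msg{}, err
	}
	return p.send(reply.Cert)
}

// Finish is the responder's side of steps 862-870, checked against the request's certificate.
func (p *Player) Finish(issuerPub ed25519.PublicKey, ex Msg) error { ex.Cert = p.peer; return p.accept(issuerPub, ex) }
```

Two details the page leaves implicit are made explicit here: the issuer signature on the certificate is checked before anything in the message is acted upon, so a device that merely holds a self-made certificate cannot harvest keys, and the initiator's first random number must come back unchanged, so a captured reply cannot be replayed against a later request.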



Enforcement of Restrictions on SPT 116

Tracks 112 can have restrictions placed upon them by player 110 (Figure 1) and, indirectly,
by a server from which player 110 acquires tracks 112. Any such restrictions are included in
SPTs 116. Such restrictions are represented in header 302 which is shown in greater detail in
Figure 9. Header 302 can include a number of restrictions 902, each of which includes a
restriction type field 904, a restriction data field 906, and a restriction state field 908.
Restriction type field 904 stores data specifying a type of restriction on playback of SPT
116 (Figure 3). Such restriction types can include, for example, the number of times SPT 116
can be played back, an expiration time beyond which SPT 116 cannot be played back, a number
of storage media such as storage medium 202 (Figure 2) on which SPT 116 can be fixed, and the
number of devices to which SPT 116 can be bound.

Restriction data field 906 (Figure 9) stores data specifying type-specific data to specify
more particularly the restriction placed upon SPT 116. For example, if the restriction type
is a number of times SPT 116 can be played back, restriction data field 906 specifies the
number. If the restriction type is an expiration time beyond which SPT 116 cannot be played
back, restriction data field 906 specifies the time. If the restriction type is a number of
storage media such as storage medium 202 (Figure 2) on which SPT 116 can be fixed,
restriction data field 906 specifies the number. And, if the restriction type is a number of
devices to which SPT 116 can be bound, restriction data field 906 specifies the number.

Restriction state field 908 (Figure 9) stores data specifying the current state of the
restriction. For example, if the restriction type is a number of times SPT 116 can be played
back, restriction state field 908 stores the number of times SPT 116 has been played back to
date. Restriction state 908 allows SPT 116 to be passed between a couple of external players
which can both enforce restriction 902.

Player 110 (Figure 1) and SPT interface 114 rely largely upon portable player 150, and
player logic 502A (Figure 5) in particular, for enforcement of restrictions 902 (Figure 9).
Accordingly, SPT interface 114 (Figure 1) requires assurance from portable player 150 that
all restrictions can be enforced by portable player 150 as a precondition to downloading SPT
116 to portable player 150. Such downloading can include, for example, binding SPT 116 to
portable player 150 and copying SPT 116 as bound to a removable storage medium.

Logic flow diagram 1000 (Figure 10) illustrates the conditional downloading of 
SPT 116 (Figure 1) by SPT interface 114 contingent upon assurance by portable player 
150 that restrictions 902 (Figure 9) can be enforced by portable player 150. In step 1002 
(Figure 10), SPT interface 114 receives from portable player 150 a list of restriction types 
which can be enforced within portable player 150 during registration. Player 110 
maintains this restriction enforceability information along with the communication key of 
player 110. Accordingly, step 1002 is performed only once for each external player while 
the following steps are performed as a precondition of downloading each SPT to an 
external player.

In step 1004 (Figure 10), SPT interface 114 (Figure 1) determines which 
restrictions are imposed upon SPT 116 by reference to restrictions 902 (Figure 9). Loop 
step 1006 and next step 1014 define a loop in which each of restrictions 902 is processed 
according to steps 1008-1012. During each iteration of this loop, the particular one of 
restrictions 902 processed by SPT interface 114 is referred to as the subject restriction. 

For each of restrictions 902, processing transfers to test step 1008 (Figure 10) in 
which SPT interface 114 (Figure 1) determines whether the subject restriction is of a type 
enforceable by portable player 150. If not, processing transfers to step 1010 (Figure 10) in 
which SPT interface 114 refuses to download SPT 116 for portable player 150 and 
processing terminates in step 1012. Conversely, if the subject restriction is of a type 
enforceable by portable player 150, processing transfers through next step 1014 to loop 
step 1006 and the next of restrictions 902 (Figure 9) is processed according to the loop of 
steps 1006-1014.

When all restrictions 902 (Figure 9) have been processed in the loop of steps 
1006-1014, SPT interface 114 has determined that portable player 150 can enforce all 
restrictions 902 and processing transfers to step 1016 in which SPT interface 114 proceeds 
with downloading SPT 116 for portable player 150. Thus, SPT interface 114 ensures that 
portable player 150 can enforce all restrictions placed upon SPT 116 prior to making SPT 
116 available to portable player 150.
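The download gate of logic flow diagram 1000, together with the playback-side use of restriction state field 908, worked through as an added example in Go. This is editor-supplied illustration, not code from the patent: restriction 902 with its type, data and state fields is modelled as a struct, the list received in step 1002 as a per-player set kept by player 110, and the loop of steps 1006-1014 as a function that refuses the download on the first restriction whose type the external player did not report as enforceable. The Permit and PermitAll functions, and the fail-closed treatment of a restriction type the player does not recognise, are assumptions about the player side that the page does not spell out.

```go
package main

import (
	"errors"
	"fmt"
)

// RestrictionType is the value of restriction type field 904.
type RestrictionType string

const (
	PlayCount   RestrictionType = "play-count"   // times the SPT may be played back
	ExpiresAt   RestrictionType = "expires-at"   // unix time after which playback is refused
	MediaCount  RestrictionType = "media-count"  // storage media the SPT may be fixed on
	DeviceCount RestrictionType = "device-count" // devices the SPT may be bound to
)

// Restriction mirrors restriction 902: type field 904, type-specific data field 906
// and state field 908 (for PlayCount, the number of playbacks so far).
type Restriction struct {
	Type  RestrictionType
	Data  int64
	State int64
}

// ExternalPlayer is what player 110 keeps about a registered external player: the
// restriction types it reported as enforceable in step 1002. The page stores this next
// to the player's communication key; the key itself is left out of this example.
type ExternalPlayer struct {
	Name        string
	Enforceable map[RestrictionType]bool
}

// ErrUnenforceable is returned when test step 1008 fails for some restriction.
var ErrUnenforceable = errors.New("restriction type not enforceable by external player")

// CanDownload is the loop of steps 1006-1014 of logic flow diagram 1000: the SPT is
// released (step 1016) only if every restriction is of a type the player enforces.
// The first unenforceable restriction aborts the download (step 1010).
func CanDownload(p ExternalPlayer, restrictions []Restriction) error {
	for _, r := range restrictions {
		if !p.Enforceable[r.Type] {
			return fmt.Errorf("%w: %s cannot enforce %q", ErrUnenforceable, p.Name, r.Type)
		}
	}
	return nil
}

// Permit is the external player's side: it applies one restriction at playback time
// and advances state field 908. now is unix seconds. An unknown type is refused rather
// than ignored (an assumption: fail closed, matching the download gate above).
func (r *Restriction) Permit(now int64) bool {
	switch r.Type {
	case PlayCount:
		if r.State >= r.Data {
			return false
		}
		r.State++
		return true
	case ExpiresAt:
		return now < r.Data
	case MediaCount, DeviceCount:
		return true // consumed when the SPT is fixed or bound, not at playback
	default:
		return false
	}
}

// PermitAll plays the SPT only if every restriction permits it. The first pass runs on
// copies so that a refusal (for example an expired SPT) does not consume a play count;
// only when all pass is the state committed.
func PermitAll(rs []Restriction, now int64) bool {
	for i := range rs {
		probe := rs[i]
		if !probe.Permit(now) {
			return false
		}
	}
	for i := range rs {
		rs[i].Permit(now)
	}
	return true
}

func main() {
	player := ExternalPlayer{Name: "portable player 150",
		Enforceable: map[RestrictionType]bool{PlayCount: true, ExpiresAt: true}}
	spt := []Restriction{{Type: PlayCount, Data: 3}, {Type: ExpiresAt, Data: 1_900_000_000}}
	fmt.Println("download with play-count and expiry:", CanDownload(player, spt))
	spt = append(spt, Restriction{Type: MediaCount, Data: 1})
	fmt.Println("download after adding media-count:", CanDownload(player, spt))
}
```

The gate is only as strong as the registration that produced the enforceability list: player 110 acts on whatever portable player 150 reported in step 1002, so that report should travel over the channel protected by the communication key established at registration, and an external player that advertises a type it does not actually enforce defeats the check. The two-pass PermitAll also shows why state field 908 must be updated only after every restriction has been checked, otherwise an expired track would still burn through its play count.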

Smart Media 

In one embodiment, storage medium 202 (Figure 2) is replaced with smart medium 
1102 (Figure 11). Smart medium 1102 replaces read-only serial number 204 (Figure 2) 
with cryptographic logic 1104. Cryptographic logic 1104 is embedded in the packaging of 
smart medium 1102 in a manner which is analogous to the embedding of logic in any 
currently available smart card, e.g., a plastic card of the approximate dimensions of a 
credit card with embedded integrated circuitry. Cryptographic logic 1104 performs 
encryption and decryption using an encryption algorithm and key which are both kept 
entirely secret within cryptographic logic 1104.
Logic flow diagram 1200 (Figure 12) illustrates the preparation of SPT 116 (Figure 
1) from one or more of tracks 110 by SPT interface 114 for playback by portable player 
150. In step 1202 (Figure 12), SPT interface 114 (Figure 1) encrypts the content of one or 
more of tracks 110 using, for example, symmetric key encryption with a master media key.

In step 1204 (Figure 12), SPT interface 114 (Figure 11) sends the master media key 
to cryptographic logic 1104 for encryption. Cryptographic logic 1104 returns the master 
media key in an encrypted form. The particular manner in which the master media key is 
encrypted by cryptographic logic 1104 is not known by, and is of no concern to, SPT 
interface 114 so long as cryptographic logic 1104 can later decrypt the master media key.

Since the master media key is encrypted using cryptographic logic 1104, the master 
media key, and therefore the content of SPT 116 which is encrypted with the master 
media key, can only be decrypted using cryptographic logic 1104. By embedding 
cryptographic logic 1104 in the packaging of smart medium 1102, thereby carefully 
guarding the secrecy of cryptographic logic 1104, SPT 116 is bound to smart medium 
1102 and can only be played back from smart medium 1102. SPT 116 cannot be played 
back from any other storage medium unless cryptographic logic 1104 is accurately 
replicated. Replication of such embedded logic is particularly difficult, especially for 
casual listeners of music.

In step 1206 (Figure 12), SPT interface 114 (Figure 11) forms SPT 116 and stores 
the encrypted content in SPT 116. SPT interface 114 stores the encrypted master media 
key in the header of SPT 116. SPT 116 is therefore bound to smart medium 1102.

The security afforded by such binding is more fully appreciated in the context of 
decoding for playback by portable player 150 as illustrated by logic flow diagram 1300 
(Figure 13). In the context of logic flow diagram 1300, smart medium 1102 (Figure 11) is 
installed in portable player 150 such that SPTs 116 are accessible to portable player 150. 
To play back a selected one of SPTs 116, player logic 502A (Figure 5) reads SPT 116 and 
parses header 302 (Figure 3) therefrom and parses the encrypted master media key from 
header 302 in step 1302 (Figure 13).

In step 1304 (Figure 13), player logic 502A (Figure 5) sends the encrypted master 
media key to cryptographic logic 1104 (Figure 11) for decryption. Cryptographic logic 
1104 returns the master media key in an un-encrypted form. The particular manner in 
which the master media key is decrypted by cryptographic logic 1104 is not known by, and 
is of no concern to, player logic 502A (Figure 5). Since player 110 (Figure 1), SPT 
interface 114, and player 150 do not know the particular encryption/decryption algorithm 
implemented by cryptographic logic 1104 (Figure 11), the secrecy of that algorithm is 
more easily protected.

In step 1306 (Figure 13), player logic 502A (Figure 5) decrypts the content of SPT 
116 using the decrypted master media key. After step 1306 (Figure 13), the content of 
SPT 116 is un-encrypted and is available for decompression and playback by player logic 
502A. Decompression and playback of the un-encrypted content is conventional.
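Logic flow diagrams 1200 and 1300 worked through in Go as an added example. This is editor-supplied illustration, not the patent's implementation. The page leaves both the content cipher of step 1202 and the algorithm inside cryptographic logic 1104 unspecified; AES-256-GCM is assumed for both here, and the SmartMedium type stands in for the embedded logic with a secret that is never exported, so SPT interface 114 and player logic 502A see only an opaque wrap/unwrap service exactly as the text describes. Authenticated encryption also gives the behaviour a practitioner wants at step 1304: a wrapped key presented to the wrong medium, or a tampered header 302, fails outright instead of yielding a garbage master key that then decrypts the content to noise.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aeadSeal encrypts plaintext under a 32-byte key with AES-256-GCM (assumed cipher)
// and returns nonce||ciphertext||tag.
func aeadSeal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// aeadOpen reverses aeadSeal; a wrong key or any modification fails authentication.
func aeadOpen(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// SmartMedium stands in for cryptographic logic 1104: its secret never leaves it, and
// SPT interface 114 and player logic 502A see only an opaque wrap/unwrap service.
type SmartMedium struct{ secret []byte }

func NewSmartMedium() (*SmartMedium, error) {
	secret := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, secret); err != nil {
		return nil, err
	}
	return &SmartMedium{secret: secret}, nil
}

func (m *SmartMedium) WrapMasterKey(mk []byte) ([]byte, error)  { return aeadSeal(m.secret, mk) }
func (m *SmartMedium) UnwrapMasterKey(w []byte) ([]byte, error) { return aeadOpen(m.secret, w) }

// SPT is the bound track: header 302 carries the wrapped master media key, the body
// carries the content encrypted under that key.
type SPT struct {
	EncryptedMasterKey []byte
	EncryptedContent   []byte
}

// PrepareSPT is logic flow diagram 1200: step 1202 encrypts the content with a fresh
// master media key, step 1204 has the medium wrap that key, step 1206 stores both.
func PrepareSPT(m *SmartMedium, content []byte) (*SPT, error) {
	masterKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, masterKey); err != nil {
		return nil, err
	}
	body, err := aeadSeal(masterKey, content)
	if err != nil {
		return nil, err
	}
	wrapped, err := m.WrapMasterKey(masterKey)
	if err != nil {
		return nil, err
	}
	return &SPT{EncryptedMasterKey: wrapped, EncryptedContent: body}, nil
}

// Playback is logic flow diagram 1300: step 1302 takes the wrapped key from the header,
// step 1304 has the medium unwrap it, step 1306 decrypts the content with the result.
func Playback(m *SmartMedium, spt *SPT) ([]byte, error) {
	masterKey, err := m.UnwrapMasterKey(spt.EncryptedMasterKey)
	if err != nil {
		return nil, fmt.Errorf("medium cannot unwrap master media key: %w", err)
	}
	return aeadOpen(masterKey, spt.EncryptedContent)
}

func main() {
	medium, _ := NewSmartMedium()
	spt, _ := PrepareSPT(medium, []byte("constructed sample track bytes"))
	out, err := Playback(medium, spt)
	fmt.Printf("original medium: %q err=%v\n", out, err)
	other, _ := NewSmartMedium()
	_, err = Playback(other, spt) // the same SPT copied to another medium
	fmt.Println("another medium:", err)
}
```

Note where the secret actually lives: the medium never returns its own key, only the result of wrapping or unwrapping a master media key, which is the property the page relies on when it says the logic's algorithm and key stay inside the packaging. Copying the SPT byte for byte to a second medium carries the wrapped key along, but that medium holds a different secret and the unwrap fails, which is the binding the text describes.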

External Player Registration

As described above, player 110 (Figure 1) requires device identification data such 
as read-only key 504A (Figure 5) to bind SPTs 116 to a particular external player such as 
portable player 150. To register portable player 150 (Figure 1), portable player 150 
communicates with player 110, e.g., through I/O port 140 and SPT interface 114. Portable 
player 150 can be coupled to I/O port 140 using a convenient cradle such as those used in 
conjunction with currently available portable MP3 players and with the Palm series of 
personal digital assistants (PDAs) available from 3Com Corp. of Santa Clara, California. 
For external players which are somewhat less portable, e.g., components of a home stereo 
system, CLP 512A (Figure 5), certificate 508A, key pair 510A, and keys 504A and 
506A1-4 can be included on a smart card such as those used in conjunction with currently 
available digital satellite system (DSS) receivers. Such smart cards can be inserted into a 
reader coupled to I/O port 140 (Figure 1) to carry out registration and key exchange and 
re-inserted in the stereo system component external player for playback of SPTs 116. 
Dash-mounted external players in a car can include CLP 512A (Figure 5), certificate 508A, 
key pair 510A, and keys 504A and 506A1-4 in a detachable faceplate such as those 
commonly used for theft deterrence. The detachable faceplate can be coupled to I/O port 
140 (Figure 1) through a cradle similar to those described above except that the form of 
the cradle fits the detachable faceplate and includes electrical contacts to meet contacts 
included in the detachable faceplate.

Once portable player 150 is in communication with SPT interface 114, and 
therethrough with player 110, portable player 150 and player 110 conduct a key exchange 
in the manner described above. As a result, player 110 has a copy of read-only key 504A
What is claimed is:

1. A method for binding subject data to a selected data access device such that 
the subject data is inaccessible to data access devices other than the selected data access 
device, the method comprising: 

encrypting the subject data to form encrypted subject data using data 
uniquely corresponding to the selected data access device as an encryption key; 
forming key identification data from the encryption key; and 
storing the encrypted subject data and the key identification data in a 
storage medium which is readable by the selected data access device.

2. The method of Claim 1 wherein encrypting the subject data comprises: 
encrypting the subject data using a master key; and 
encrypting the master key with the encryption key to form an encrypted 
master key.

3. The method of Claim 2 wherein storing the encrypted subject data and the 
key identification data further comprises: 
storing the encrypted master key in the storage medium.

4. The method of Claim 3 further comprising: 
forming message verification data using the key identification data and the 
encrypted master key; and 
storing the message verification data in the storage medium.

5. The method of Claim 4 wherein the message verification data is a message 
authentication code (MAC). 



6. The method of Claim 1 further comprising: 
forming message verification data using the key identification data; and 
storing the message verification data in the storage medium.
9. The method of Claim 1 wherein the data secretly held by the selected data 
access device is read-only.

10. A method for accessing subject data from a storage medium by a selected 
data access device, the method comprising: 
retrieving key identification data from the storage medium; 
determining that the key identification data corresponds to data secretly 
held by the selected data access device; 
retrieving encrypted subject data from the storage medium; and 
decrypting the encrypted subject data using the data secretly held by the 
selected data access device as an encryption key to form the subject data.

11. The method of Claim 10 wherein the storage medium is a removable 
storage medium.



12. The method of Claim 10 wherein decrypting comprises: 
retrieving an encrypted master key from the storage medium; 
decrypting the encrypted master key using the data secretly held by the 
selected data access device as an encryption key to form a master key; and 
decrypting the encrypted subject data using the master key to form the 
subject data.

13. The method of Claim 10 further comprising: 
retrieving message verification data from the storage medium; and 
verifying authenticity of the key identification data using the message 
verification data.
14. The method of Claim 13 wherein the message verification data is a message 
authentication code (MAC). 

15. The method of Claim 10 wherein the subject data includes digitized audio 
signals. 

16. The method of Claim 15 further comprising: 
playing back the digitized audio signals. 

17. The method of Claim 10 wherein the subject data includes digitized video 
signals. 

18. The method of Claim 17 further comprising: 
rendering the digitized video signals. 

19. The method of Claim 10 wherein the subject data includes computer code. 

20. The method of Claim 19 further comprising: 
executing the computer code.

21. A method for accessing subject data from a storage medium by a selected 
data access device, the method comprising: 
receiving key data uniquely corresponding to a second data access device 
from the second data access device; 
retrieving key identification data from the storage medium; 
determining that the key identification data corresponds to the key data 
received from the second data access device; 
retrieving encrypted subject data from the storage medium; and 
decrypting the encrypted subject data using the key data received from the 
second data access device as an encryption key to form the subject data.



22. The method of Claim 21 wherein the storage medium is a removable 
storage medium.



23. The method of Claim 21 wherein decrypting comprises: 
retrieving an encrypted master key from the storage medium; 
decrypting the encrypted master key using the data secretly held by the 
selected data access device as an encryption key to form a master key; and 
decrypting the encrypted subject data using the master key to form the 
subject data.

24. The method of Claim 21 wherein receiving key data uniquely 
corresponding to a second data access device comprises: 
sending a request message to the second data access device requesting key 
data from the second data access device; 
receiving a reply message from the second data access device which 
includes encrypted key data; and 
decrypting the encrypted key data to form the key data.



25. The method of Claim 24 wherein receiving key data uniquely 
corresponding to a second data access device further comprises: 
sending an exchange message to the second data access device where the 
exchange message includes encrypted key data uniquely corresponding to the 
selected data access device.

26. The method of Claim 24 wherein receiving key data uniquely 
corresponding to a second data access device further comprises: 
receiving a terminate message from the second data access device. 

27. The method of Claim 24 wherein receiving key data uniquely 
corresponding to a second data access device further comprises: 
preventing storage of the key data within the selected data access device 
upon a condition in which equivalent key data is already stored within the selected 
data access device.
28. The method of Claim 24 wherein the request message includes a pseudo-
random number. 

29. The method of Claim 28 wherein the reply message includes the first-
mentioned pseudo-random number and a second pseudo-random number. 

30. The method of Claim 24 wherein the request message includes a certificate 
of the selected data access device. 

31. The method of Claim 24 wherein the request message conveys a public key 
of the selected data access device to the second data access device. 

32. The method of Claim 31 wherein decrypting the encrypted key data 
comprises: 
decrypting the encrypted key data using the private key of the selected data 
access device to form the key data. 

33. The method of Claim 21 wherein receiving key data uniquely 
corresponding to a second data access device comprises: 
receiving a request message from the second data access device requesting 
key data from the selected data access device; 
sending a reply message to the second data access device which includes 
encrypted key data; 
receiving an exchange message from the second data access device which 
includes other encrypted key data; and 
decrypting the other encrypted key data to form the key data.
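The key exchange that claims 24 through 33 describe, and that the External Player Registration section above relies on, as an added example in Go with both devices' messages. This is editor-supplied illustration, not the patent's protocol as implemented in any product. The claims fix only the message kinds (request, reply, exchange, terminate), the pseudo-random numbers, the certificate or public key carried in the request, decryption with the selected device's private key, and the refusal to store key data equivalent to what is already held. Everything else here is an assumption: RSA-OAEP as the public-key encryption, 16-byte nonces, the responder's public key being carried in the reply so the exchange message can be encrypted to it, and the requester treating a reply whose first nonce is not its outstanding one as unsolicited. Certificate validation (claim 30) is omitted.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// The claims name the message kinds; the field layout is this example's assumption.
type Request struct {
	Nonce  []byte         // pseudo-random number (claim 28)
	PubKey *rsa.PublicKey // requester's public key (claim 31); claim 30 carries it in a certificate
}
type Reply struct {
	Nonce1, Nonce2 []byte         // echoed first nonce plus a second one (claim 29)
	EncKeyData     []byte         // responder's key data under the requester's public key (claim 32)
	PubKey         *rsa.PublicKey // assumption: lets the requester encrypt the exchange message
}
type Exchange struct{ EncKeyData []byte } // key data encrypted to the other device (claims 25, 33)

// Device: key pair 510A, the key data uniquely corresponding to the device (read-only
// key 504A, assumed random here) and the key data received from other devices.
type Device struct {
	Name    string
	KeyData []byte
	Shared  map[string][]byte
	priv    *rsa.PrivateKey
	pending []byte // nonce of our outstanding request, single use
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewDevice(name string) (*Device, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{Name: name, KeyData: mustRandom(32), Shared: map[string][]byte{}, priv: priv}, nil
}

// Request opens the exchange (claim 24) with a fresh nonce and our public key.
func (d *Device) Request() Request {
	d.pending = mustRandom(16)
	return Request{Nonce: d.pending, PubKey: &d.priv.PublicKey}
}

// Respond echoes the nonce, adds a second one and encrypts our key data to the requester.
func (d *Device) Respond(req Request) (Reply, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, req.PubKey, d.KeyData, nil)
	return Reply{Nonce1: req.Nonce, Nonce2: mustRandom(16), EncKeyData: enc, PubKey: &d.priv.PublicKey}, err
}

// Accept refuses a reply that does not echo our outstanding nonce (replayed or
// unsolicited), keeps the received key data and returns the exchange message (claim 25).
func (d *Device) Accept(from string, rep Reply) (Exchange, error) {
	if d.pending == nil || !bytes.Equal(rep.Nonce1, d.pending) {
		return Exchange{}, errors.New("reply does not answer our outstanding request")
	}
	d.pending = nil
	if err := d.Finish(from, Exchange{rep.EncKeyData}); err != nil {
		return Exchange{}, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rep.PubKey, d.KeyData, nil)
	return Exchange{EncKeyData: enc}, err
}

// Finish decrypts key data sent to us with our private key (claim 32) and keeps it;
// for the responder it is the last step before the terminate message (claims 26, 33).
func (d *Device) Finish(from string, ex Exchange) error {
	kd, err := rsa.DecryptOAEP(sha256.New(), nil, d.priv, ex.EncKeyData, nil)
	if err == nil {
		d.Store(from, kd)
	}
	return err
}

// Store implements claim 27: key data equivalent to what is already held is not stored again.
func (d *Device) Store(from string, kd []byte) bool {
	for _, have := range d.Shared {
		if bytes.Equal(have, kd) {
			return false
		}
	}
	d.Shared[from] = kd
	return true
}

func main() {
	a, _ := NewDevice("player 110")
	b, _ := NewDevice("portable player 150")
	rep, _ := b.Respond(a.Request())
	ex, _ := a.Accept(b.Name, rep)
	fmt.Println("finish:", b.Finish(a.Name, ex), "mutual:", bytes.Equal(a.Shared[b.Name], b.KeyData))
}
```

Two points worth noticing when reading the claims against this code. First, the nonces in the request and reply tie a reply to one outstanding request, which is why Accept consumes the nonce and a second delivery of the same reply is refused. Second, the claims in this section say nothing about integrity of the reply or exchange messages beyond what public-key encryption provides, so on their own the nonces do not prove which device produced a message; in a deployment the certificate of claim 30 and a signature over the nonces would be what carries that, and the example deliberately does not pretend otherwise.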